11 matches found
MAL-2025-8853 Malicious code in @malware-test-plonk-samba-hakam-mambo/test-mlw3-plonk-samba-hakam-mambo (npm)
The package @malware-test-plonk-samba-hakam-mambo/test-mlw3-plonk-samba-hakam-mambo was found to contain malicious code...
Malicious code in @malware-test-plonk-samba-hakam-mambo/test-mlw3-plonk-samba-hakam-mambo (npm)
The package @malware-test-plonk-samba-hakam-mambo/test-mlw3-plonk-samba-hakam-mambo was found to contain malicious code...
CVE-2024-45040
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...
CVE-2024-45040
CVE-2024-45040 affects gnark’s Groth16 proofs that use commitments to private witnesses. The issue breaks zero-knowledge properties when commitments are used with Groth16 (PLONK is not affected). Attacks could enumerate possible witness values if small, compromising privacy; completeness and soun...
CVE-2024-45040 gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...
CVE-2024-45040 gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...
Insufficient Entropy
github.com/consensys/gnark is vulnerable to Insufficient Entropy. The vulnerability is due to a flaw in the randomness generation process which allows an attacker to generate a valid proof. The vulnerability allows a third party to derive a valid proof from a valid initial tuple. Note that the impact...
GO-2023-2119 Proof forgery due to insufficient randomness in github.com/consensys/gnark
A third party may derive a valid proof from a valid initial tuple (proof, public inputs), corresponding to the same public inputs as the initial proof. This vulnerability is due to randomness being generated using a small part of the scratch memory describing the state, allowing for degrees of...
Plonk verifier KZG multi point verification
Impact: The vulnerability allows a third party to derive a valid proof from a valid initial tuple (proof, public inputs), corresponding to the same public inputs as the initial proof. It is due to randomness being generated using a small part of the scratch memory describing the state, allowing for...
GHSA-7P92-X423-VWJ6 Plonk verifier KZG multi point verification
Impact: The vulnerability allows a third party to derive a valid proof from a valid initial tuple (proof, public inputs), corresponding to the same public inputs as the initial proof. It is due to randomness being generated using a small part of the scratch memory describing the state, allowing for...
Bulletproofs cryptographic issue vulnerability
Bulletproofs is a short non-interactive zero-knowledge proof by Benedikt Bünz (individual developer, USA). Bulletproofs 2017/1066 suffers from a security vulnerability that stems from an insecure implementation of the Fiat-Shamir transformation. An attacker can exploit this vulnerability to forge...